similar to: Wondershaper breaks IPSec tunnels

Hi, I''ve modified my copy of the wondershaper script to add a few filters that allow traffic to and from a few specific ips go through with a speed of up to 100Mbits... I increased the root from 10 to 100mbit, and added this bit of code a bit further down the script; # Real time hosts for i in 62.101.244.63/32 216.74.158.11/32 216.74.158.3/32 216.74.158.57/32; do tc filter add dev

Hi, I just installed wondershapper 1.1a on my ipcop firewall box. I have roadrunner cable with a ftp server setup. My download speed is 2mbit (I get 225 KBytes) and my upload is 384kbit (I send at 43 KBytes). What should the settings in wshaper? I can ping yahoo.com at 90msec with little traffic.....and at around 220msec with full upload traffic. Mark

I just installed Xandros 2.0 Desktop. I used apt-get to install iproute. I then downloaded wondershaper 1.1a from the website. I edited the script as the readme says. I went to console and started the wondershaper script...and i get the following error messages. RTNETLINK answers: Invalid Argument many times. Any ideas what is wrong? MArk _______________________________________________

we have an external 2Mbit dsl connection and running on it are several gre vpn tunnels so far i''ve given priority to the vpn traffic (using htb) can i now put rules in for the tunnels to control traffic within each tunnel (that''s where our video conferencing etc runs)? or can i only control the real interface (eth1 in our setup)? if not can i somehow see the packets inside the

[I sent this earlier but I guess the list is subscriber-only?] I just set up wondershaper, it has a simple filter on the downstream direction to limit the bandwidth usage: tc qdisc add dev $DEV handle ffff: ingress tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 This is effective but is there any way to

Hullo :) I appear to be having a common problem, but the standard fix hasn''t worked for me :/ I''m using a 2.4.23 kernel, with QoS options thusly: # QoS and/or fair queueing # CONFIG_NET_SCHED=y # CONFIG_NET_SCH_CBQ is not set CONFIG_NET_SCH_HTB=m # CONFIG_NET_SCH_CSZ is not set CONFIG_NET_SCH_PRIO=m CONFIG_NET_SCH_RED=m CONFIG_NET_SCH_SFQ=m CONFIG_NET_SCH_TEQL=m

Hi - I''ve been going through the LARTC how-to and have successfully used the sample scripts (and wondershaper) with my xDSL links. I''m now faced with the challenge of providing 8 users at work an effective remote access connection over a PSTN ppp connection. The critical traffic in this case relates to our stock enquiry application which is running over terminal services.

Greetings, I''m new to LARTC and I''m trying to solve a problem with multiple clients accessing a game server. So I thought I''d give traffic control a shot. I''ve downloaded Wonder Shaper and have added this to the default script: tc filter add dev $DEV parent 1:0 protocol ip prio 12 u32 \ match ip protocol 0x6 0xff flowid 1:3 I''m now quite sure

To stress the urgency and importance of my questions, I am willing to pay $100 to the first person that can provide me with the scripts/ rules that will work in my SnapGear firewalls that will solve the problems I am having. Please see the following post: Linux QOS and prioritization of real-time data (RTP/VoIP) Thank you!

Hi, i don''t know if anyone can help me. I Have and Linux RedHat 9.0 machine, where i have installed the wondershaper script to limit my inbound internet speed. And on the Linux it works fine, but then i have an Windows machine that uses the linux machine to get to the internet. And this on this machine the script does not seam to have any impact. I''m trying to limit my upload

Hi, how can I filter IPsec traffic with u32 filters? I know IPsec needs Port 500/UDP and IP protocols 50 and 51. I know how to get the port stuff, but how can I make u32 to match the protocol number? thx, cb _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I am have a shorewall firewall and freeswan ipsec running on a redhat 8.0 Linux gateway machine. I have one working tunnel defined, all works well. I am not clear how to define mutiple concurrent tunnels. I can not add further interface entries as all the tunnels come in on ipsec0, do I still have mutiple zone definitions? some of the tunnels will be dynamic roadwarriors and as such would need a

Hello, I connected the network 192.168.1.0 with 192.168.2.0 over the internet trough a GRE-Tunnel. I don''t know if I set up all things right: The client-pcs in both networks have a subnet mask of 255.255.255.0 and 192.168.2.x''s default gateway is the server wich has started the tunnel. The 192.168.1.x''s default gateway is 192.168.1.250 wich routes traffic destinated to

I noticed the long standing Ipsec FSwan problem was fixed. But do you still have to make sure Ipec is not running when shorewall starts Reason I ask Is I could not get my Dmz working with Ipsec in the equation. Thanks Mike

I''ve been using the wondershaper 1.1 with much success. My problem is that I want to guarantee bandwidth to mail/VPN & web surfing and make sure that I don''t break the existing script. If not how do I make sure that I can guarantee bandwidth for mail, VPN & web surfing without hurting ftp uploads. Thanks

Hi, I''ve never actually even tried to use the IMQ device before, but I''ve watched the emails go back and forth on various problems associated with it, and what looks like some general instability. How stable is it really ? Is it suitable for full-time use on a large number of routers ? Has anyone used it on ipsec0 + eth0 devices for shaping ? and lastly, any difference

I am attempting to setup a simple network-to-network IPSec tunnel. The tunnel appears to be setup correctly because I can make connections between the networks and tcpdump shows esp packets going between the two gateways. My problem is that I cannot make connections from one gateway to the other through the tunnel. I think that this is a routing issue. Here is some more info about my network:

Tuomo Soini wrote: > You don''t happen to read shorewall-devel mailinglist ? I read it -- I just didn''t know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn''t doing for you now? e.g. /etc/shorewall/zones rw Roadwarriors Road Warriors /etc/shorewall/interfraces rw ipsec+

hi, I can''t get a freeswan 2.02 ipsec x509 connection at work can somebody help me? ************************************************************************************* global situation ************************************************************************************* the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24, a dyn IP via a DSL

Hi all Does anyone know if i can use ethernet aliases like eth0:1 in advanced routing like multipath routing in order to avoid to have nxEthernet interfaces in my Linux box. Thansk in advanced -- Guillermo Gomez <ggomez@neotechgw.net> neotech _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: